[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?
Iñaki Baz Castillo
ibc at in.ilimit.es
Fri Feb 8 19:16:09 CET 2008
On Friday 08 February 2008 18:34:31 Norman Brandinger wrote:
> RADIUS:
>
> sql.conf or whatever you call it:
>
> <snip>
>
> WHERE acctsessionid = '%{Acct-Session-Id}' \
> AND acctuniqueid = '%{Acct-Unique-Session-Id}' \
> AND username = '%{SQL-User-Name}' \
> AND nasipaddress = '%{NAS-IP-Address}'"
> </snip>
>
> AND acctstoptime = 0
Humm, now I see that OpenSer already does it, but it's not perfect in
conjunction with MediaProxy:
When OpenSer receives a BYE it sends a STOP action to radius server which does
a SQL query containing:
-----------------------------------------------------------
UPDATE radacct
SET [...] ConnectInfo_stop = ''
WHERE [...] AND ConnectInfo_stop IS NULL
-----------------------------------------------------------
So if a new identical BYE is received the SQL query won't have place
since "ConnectInfo_stop" now IS NOT NULL (OK).
The problem occurs if the BYE doesn't exist. Then MediaProxy sends an UPDATE
action that will perform a SQL query like:
------------------------------------------------------------
UPDATE radacct
SET [...]
WHERE [...]
------------------------------------------------------------
This SQL doesn't set ConnectInfo_stop = '' so "ConnectInfo_stop" **remains
NULL**. So then, the malicious user could send a BYE much later that will
generate an STOP action and an effective SQL query.
POSSIBLE SOLUTION:
********************
MediaProxy SQL query (or FreeRadius SQL UPDATE action) does already set:
MediaInfo = 'timeout'
The solution then could be setting a new clausule to STOP action:
where MediaInfo != "timeout"
In this way, if a calls ends because RTP timeout (there is not BYE) then a
later malicious BYE wouldn't have effect.
--
Iñaki Baz Castillo
ibc at in.ilimit.es
More information about the Users
mailing list